6 replies to this topic

[NikEy]

Hi,

I was wondering what you guys think might be the best language for creating trojans/virues/worms? The goal should be to make it as versatile as possible, i.e. making it work on most windows versions, and possibly other systems.
So here my thoughts:

• VB: Useless, since it requires runtimes and this would even exclude standard XP installations.
• ASM: Ok, but the amount of flexibility goes down considerable with complexity of the code. Still one of the better alternatives.
• Python/Java/other script languages: Useless, since script languages can be easily decompiled and this needs to be avoided at all costs in my case! Also some people choose not to have JRE at all. On the upside, it's portable.
• C#: That would be my preferred solution since I find C# to be quite beautiful. However, requires the .net framework, which is only supported by Vista with version 3.0. Not sure if that's enough. Would like to have XP included.
• C/C++: Doesnt require dependencies. Efficient. And it's what i am using right now. Having programmed in c++ for like 5 years it's not that bad, but I would prefer a decent garbage collection.

Any comments on that? Those are only the languages that I can program in. How about others, such as Go, etc? Do they offer some decent upside?

btw, happy to share my code/binaries to the people that help me here, once it's done.

Regards
_N

[aelphaeis_mangarae]

There have probably been about 50 threads on this forum that are similar to this over the years.

In regards to VB, if you aren't referring to .NET it isn't only useless, it's insanity. I met someone not too long ago that programmed in VB .. thought like saying "seriously dude, are you ****ing insane?".
VB is ancient now.

As far as C# goes, I would expect actually most people with XP would have .NET 3.5 installed, maybe there is some information on this somewhere. Remembering that downloading the latest .NET framework is simple and windows update would keep most people up to date with the latest version of the .NET framework, some would choose not to install it though.
No reason you can't use .NET framework 2.0, alot of people would have that I would think.

If you don't mind doing memory management and anything else that isn't done for unlike other languages yourself then C/C++ is great for a backdoor. As far as Assembly goes unless you are doing something small and is worth doing in ASM I would go with C/C++ instead.

[owaspa]

Well i am about 101% sure that you can use .net 3.5 and 3 on Windows XP. And yes: You can use both at the same time even "compile"...meaning test and run your solution on the 2 one after another....to see if linq is such a helpful thing. Net is faster for writing...but when you write a trojan people that install it will most likely won't be able to run it - since according to many online sources about 50% of the computers out there use xp still and assuming that the majority of them don't have .net installed by default - then say every 3th compuer that will use your computer would not be able to . Stil, 66% might...cut it...

[infiltrator]

I may be wrong but most viruses would probably have been written in Delphi.
Reasons I can think of is optimization and relative simplicity to achieve a given task.
I know some worms/viruses that were unleashed in the past were written in Delphi.

http://intjforum.com...hp/t-48534.html

[aelphaeis_mangarae]

I may be wrong but most viruses would probably have been written in Delphi.

You are wrong, most viruses are written in C/C++.

[infiltrator]

I may be wrong but most viruses would probably have been written in Delphi.

You are wrong, most viruses are written in C/C++.

May be not most, but I know of several worms that have been written in Delphi.

[OpticHash]

Hello All,

@aelphaeis_mangarae: There are many many trojans written in Delphi just because of the simplicity and the ability to use assembly if needed. OpenSC has many many examples but is currently down at the moment.
http://web.archive.o...sc.ws/forum.php



Back to the orignal topic has anyone heard of D?

D is designed with lessons learned from practical C++ usage rather than from a theoretical perspective. Even though it uses many C/C++ concepts it also discards some, and as such is not compatible with C/C++ source code. It adds to the functionality of C++ by also implementing design by contract, unit testing, true modules, garbage collection, first class arrays, associative arrays, dynamic arrays, array slicing, nested functions, inner classes, closures, anonymous functions, compile time function execution, lazy evaluation and has a reengineered template syntax. D retains C++'s ability to do low-level coding, and adds to it with support for an integrated inline assembler. C++ multiple inheritance is replaced by Java style single inheritance with interfaces and mixins. D's declaration, statement and expression syntax closely matches that of C++.
The inline assembler typifies the differences between D and application languages like Java and C#. An inline assembler lets programmers enter machine-specific assembly code within standard D code, a method often used by system programmers to access the low-level features of the processor needed to run programs that interface directly with the underlying hardware, such as operating systems and device drivers.
D has built-in support for documentation comments, allowing automatic documentation generation.

http://en.wikipedia.org/wiki/D_(programming_language)

It looks to have a nice balance with between high and low level functions while still supporting garbage collection and writing system drivers. Also this is compiled into machine code (duh if your writing drivers), so nothing is interpreted. Thoughts?